bump(metadata/glsa): sync with upstream

David Michael 2019-04-23 02:25:44 +00:00
parent 870f7b904a
commit a7bb6d2d1c
8 changed files with 208 additions and 17 deletions


@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE----- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512 Hash: SHA512
MANIFEST Manifest.files.gz 441860 BLAKE2B 42660ae46077e4a9e7437540059276e5d8c03bba0cbf41ae4d1528525d01c1f1aa20986d326ca29f6b004f9ed6d1432a8d0d2105937171bf162dea272120291b SHA512 1f444ca7421a7efb1ae619b481942be43c32f3ca1b877de6feb5d595fd24bd2f5594ee8a4f3f194f5a5b6f9006b608396118df784309aa0cc2de9b3e6a17424a MANIFEST Manifest.files.gz 442494 BLAKE2B ea6e4d13fed10b9dc7cd8a15d0158e6d9956295e733d9c58e7ad42757e48c466dcbf29b90a95203fa76be9b2ce5c403a61d560e58c77f3a9def96a74982c8d4f SHA512 822a6f67d551562039f8079880b76f65668f36de8582dd99f5fd15f76cc5aad88c83d341fb2a0b1d48467ad0bc300afe2adef18e2b56f85af07a5740e2e3c648
TIMESTAMP 2019-04-17T20:08:50Z TIMESTAMP 2019-04-23T01:38:53Z
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAly3h9JfFIAAAAAALgAo iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAly+bK1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
klCosw/+Jsxx5eQYhfqE+nllUNMvYqnA4JGQvF4sx9iE4taLkgObjgtPJtplUmFY klBFXBAAmTHnJ+9Kf9ZeiyVnrMWPlcyUFeY0IbrilUWWYRnygvwIYcsHqTOFHVk3
we74NGpt6LzSHq2RBCw8A6Dmely8aHrIR8qI0WX+LzsPfTKBTiMRUFEkP1kbG5SA Qdz3PW71QVXcK1pObQMIoEoT+3XgYa6gcFmNkyfNni3xHNs1gw+yTr+h8hGcsNl7
MgRROa7kwt8BIMgHbBVjg09ZTZ3TDme7HDitK/a+jtpCaqOtHsGJTVrrzcRyyGj4 AWyODlCZrzLZns9T3ev8UdUPgLpjfPxRMJ76AcAXirxDZIZUo45fd3Lpc8fQ9ZTU
zR//jMy6QFU5z6pQAqcUF8qVy0fAQhGx3Q5vO5/FOFt/vo1VC1fsTRnFPi09wv4s FgPjRuiwONjS6MMNFxoXaoH3fzSKjvLvAgXnnV9ScOy2pVrdXExvCc1LvKxvjb1r
/hr22RIL/l//CVDCTargPtnXGQGkIualx6ANdvkU5OUsxyppLgMHnt10cJQ21hCS cSoMFJ3RrqVZMCmL5dAQ5Yj5FsYINFrjgWf4d8z/LLx4s8wZ3wc0RsI2Rz2JFVKG
CWwQOpql6rXJ1t5ziQwzNaQUzjoVGf3yEu09hUjPkuJCMVszI/6xwDec35iRi/19 yGstXmE+n0dVkKYfai9ZT4uGQZCjS8/WNXiGShgCzEMR72Dy3GZuwxRijLMclAqs
9nfVvwlFC3RRCxWTN4928WOSTgCMF9gKQzs1kVuvsENDXq7u9LvXhXdfgg5LK53R FqBoz3SQ1Li+WHli2L5AS2FDq+xixlx1dREb/Dn7V5V+Rv5mVgFzcUtVSSjtUklw
m7LAEPez2Fs++LMp9S7q/ldjM6bksdoN+dMiT9jVYf3mNxR4SRoLaghJ9JTr61Ne lggR/RS6ayr4OuHNqslNjOuy6dkncyXK8+17fwskxAKurp9ZHtp263DJ4rA3pkXi
d5XnILqhUz6vIRSqFjZnoF3FVlNK3uubRoh8QUWwHoKCFqMzNeGlpP/6c2YbyQB7 pCCDaqJQs1pOJlfoGp0UKYjrsCMG/QAe/FGhAZoZrgkmttqIm5EHeBRXWnBiOpuG
mfSlVfQN4EuKzDHBv+PAja1oqfTRd8kKfRWpPdFZN4HHeQvRdE3uLyVQMm/BOw2x YqPjhQ1k1F6g8KR2nVtVt1CmEsxv0uHDSpsdR+iIEfMZ6q7qehsSJf944RneqRVw
uyn2vCYItXQv+Tq3kZ8o9IlsvbczE9Xna0BlRqMEa/6RCUYIrH8= UBxbtACDiOScMl1LH4bUY78obFeZt6nkSLFQDkJ+BnUj12Vqlc8=
=6T8P =tjB4
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----


@ -0,0 +1,48 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201904-20">
<title>Apache: Privilege escalation</title>
<synopsis>A vulnerability in Apache might allow an attacker to escalate
privileges.
</synopsis>
<product type="ebuild">apache</product>
<announced>2019-04-22</announced>
<revised count="1">2019-04-22</revised>
<bug>682306</bug>
<access>remote</access>
<affected>
<package name="www-servers/apache" auto="yes" arch="*">
<unaffected range="ge">2.4.39</unaffected>
<vulnerable range="lt">2.4.39</vulnerable>
</package>
</affected>
<background>
<p>The Apache HTTP server is one of the most popular web servers on the
Internet.
</p>
</background>
<description>
<p>A vulnerability was discovered in Apache with MPM event, worker, or
prefork.
</p>
</description>
<impact type="normal">
<p>An attacker could escalate privileges.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Apache users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=www-servers/apache-2.4.39"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-0211">CVE-2019-0211</uri>
</references>
<metadata tag="requester" timestamp="2019-04-21T03:09:02Z">b-man</metadata>
<metadata tag="submitter" timestamp="2019-04-22T23:27:43Z">b-man</metadata>
</glsa>
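Review bot: `<access>remote</access>` and the one-sentence `<description>` do not say what position the attacker needs, which is the detail an operator uses to triage this advisory. As I understand CVE-2019-0211, the escalation is from code already running in a less-privileged child process or thread (for example an in-process script) to the privileges of the parent process, so the impact would be clearer as `<p>An attacker able to run code in a child process could escalate privileges to those of the parent process, usually root.</p>`, and the `access` value should be checked against that. The file is synced from upstream, so the correction belongs in the upstream GLSA rather than in this tree.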


@ -0,0 +1,46 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201904-21">
<title>SQLite: Remote code execution</title>
<synopsis>A vulnerability in SQLite may allow for the remote execution of
code.
</synopsis>
<product type="ebuild">sqlite</product>
<announced>2019-04-22</announced>
<revised count="1">2019-04-22</revised>
<bug>672942</bug>
<access>remote</access>
<affected>
<package name="dev-db/sqlite" auto="yes" arch="*">
<unaffected range="ge">3.25.3</unaffected>
<vulnerable range="lt">3.25.3</vulnerable>
</package>
</affected>
<background>
<p>SQLite is a C library that implements an SQL database engine.</p>
</background>
<description>
<p>An integer overflow was discovered in SQLites FTS3 extension.</p>
</description>
<impact type="normal">
<p>A remote attacker could, by executing arbitrary SQL statements against a
vulnerable host, execute arbitrary code.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All SQLite users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-db/sqlite-3.25.3"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20346">CVE-2018-20346</uri>
</references>
<metadata tag="requester" timestamp="2019-04-20T00:53:44Z">b-man</metadata>
<metadata tag="submitter" timestamp="2019-04-22T23:31:33Z">b-man</metadata>
</glsa>
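Review bot: The possessive apostrophe is missing in the description, `SQLites FTS3 extension`, which should read `SQLite's FTS3 extension`. The same slip appears in GLSA 201904-22 (`Gentoos OpenDKIM ebuild`) and GLSA 201904-23 (`GNOMEs core objects`), while the 201904-22 synopsis has `Gentoo's` intact, so this looks like an authoring slip rather than an encoding problem. These files are synced from upstream, so the wording should be fixed there and picked up by the next sync.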


@ -0,0 +1,50 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201904-22">
<title>OpenDKIM: Root privilege escalation</title>
<synopsis>A vulnerability was discovered in Gentoo's ebuild for OpenDKIM
which could lead to root privilege escalation.
</synopsis>
<product type="ebuild">opendkim</product>
<announced>2019-04-22</announced>
<revised count="1">2019-04-22</revised>
<bug>629914</bug>
<access>remote</access>
<affected>
<package name="mail-filter/opendkim" auto="yes" arch="*">
<unaffected range="ge">2.10.3-r8</unaffected>
<vulnerable range="lt">2.10.3-r8</vulnerable>
</package>
</affected>
<background>
<p>A community effort to develop and maintain a C library for producing
DKIM-aware applications and an open source milter for providing DKIM
service.
</p>
</background>
<description>
<p>It was discovered that Gentoos OpenDKIM ebuild does not properly set
permissions or place the pid file in a safe directory.
</p>
</description>
<impact type="normal">
<p>A local attacker could escalate privileges.</p>
</impact>
<workaround>
<p>Users should ensure the proper permissions are set as discussed in the
referenced bugs.
</p>
</workaround>
<resolution>
<p>All OpenDKIM users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=mail-filter/opendkim-2.10.3-r8"
</code>
</resolution>
<references>
</references>
<metadata tag="requester" timestamp="2019-04-02T07:15:45Z">BlueKnight</metadata>
<metadata tag="submitter" timestamp="2019-04-22T23:34:15Z">b-man</metadata>
</glsa>
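Review bot: `<access>remote</access>` contradicts the impact text, `A local attacker could escalate privileges.`, and the flaw as described (pid file permissions and location set by the ebuild) is a local one, so anyone triaging by access vector will misjudge this entry. The workaround also points to "the referenced bugs" while `<references>` is empty and the only pointer is `<bug>629914</bug>`, which leaves the reader without a direct link to the permissions to apply. Suggested upstream corrections are `<access>local</access>` and either a `<uri>` entry for the bug or workaround wording that names bug 629914.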


@ -0,0 +1,47 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201904-23">
<title>GLib: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in GLib, the worst of
which could result in a Denial of Service condition.
</synopsis>
<product type="ebuild">glib</product>
<announced>2019-04-22</announced>
<revised count="1">2019-04-22</revised>
<bug>668474</bug>
<access>remote</access>
<affected>
<package name="dev-libs/glib" auto="yes" arch="*">
<unaffected range="ge">2.56.4</unaffected>
<vulnerable range="lt">2.56.4</vulnerable>
</package>
</affected>
<background>
<p>GLib is a library providing a number of GNOMEs core objects and
functions.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in GLib. Please review the
referenced bug for details.
</p>
</description>
<impact type="normal">
<p>Please review the referenced bugs for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All GLib users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-libs/glib-2.56.4"
</code>
</resolution>
<references>
</references>
<metadata tag="requester" timestamp="2019-03-10T06:13:16Z">BlueKnight</metadata>
<metadata tag="submitter" timestamp="2019-04-22T23:36:01Z">b-man</metadata>
</glsa>
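Review bot: The advisory carries no vulnerability identifiers: `<references>` is empty and both `<description>` and `<impact>` defer to the bug tracker, so the entry cannot be matched against CVE feeds or scanner output and its severity cannot be judged from the file itself. The synopsis names denial of service as the worst case, yet `<impact>` only says `Please review the referenced bugs for details.`, and the description says `referenced bug` in the singular with a single `<bug>` (668474) listed. Upstream should add `<uri>` entries for the CVEs tracked in that bug and state the denial-of-service impact in `<impact>`; until then, bug 668474 is the only reference a consumer of this feed has.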


@ -1 +1 @@
Wed, 17 Apr 2019 20:08:47 +0000 Tue, 23 Apr 2019 01:38:49 +0000


@ -1 +1 @@
6c18ba31f4c4516ed01d1b3ca04795cfadc11f86 1555526007 2019-04-17T18:33:27+00:00 76232d72230fb0f05eaefd8d7f5efcf5b14047c1 1555976179 2019-04-22T23:36:19+00:00